variable $content_php is set in php code and should overwrite any user made inserts in url. i think this is not a vulnerability, is it?